Single Sign On with Cisco ASA 5505 and other SSO Product

We are currently looking at implementing a Cisco ASA 5505. Likewise, we are looking to implement single sign on to both network based resources (RemoteApp/Desktops, fileshares) and also extranet Web sites.

My question is: Is there a way to integrate VPN sign on through the ASA with SSO for access to the rest of the enterprise resources? In other words, is there a way for the other applications to know that the Cisco VPN has signed on and to take those credentials and apply them going forward? Or will my users have to log in twice: once to the VPN and once to the designated SSO resource.

I read the ISA Server might have some features around this. Any advice?

Who is Participating?

Yes, you can have a VPN configuration with Remote authinbound validation, and an aaa configured for Radius authentication towards Cisco ACS. Cisco ACS helps you in AD authentication. Then you can connect to your VPN through the same windows credentials.
You may have to create .pcf file for connection with an username/passwd which was provided while creating EzyVPN, but when connecting it will only prompt for windows username and password.